On March the 10th I upgraded ipfire from 163 to 164.
Everything worked fine. IPS was active with the rule sets from the 7th.
A week later the automatic update started and this is the feedback from ipfire
The ipfire has access to the internet:
RED (192.168.178.22) > Standard networks RED with Service Group (80, 443)
The IPS ruleset is "Emerging Threats Community Ruleset".
Proxy is active on BLUE and GREEN.
Normal behavior if I use the browser and start a session on the internet.
Presently the IPS is working but the rule sets are not updating.
What should I do?
At the moment, to get things working properly again you can only reboot the system to get rid of this lock, or you have to remove the “/tmp/ids_page_locked” file by hand.
What I found for the problem of the IPS update constantly refreshing was to disable the “Drop packets from and to hostile networks (listed at Spamhaus DROP, etc.)” option, found on the Firewall options page, which is enabled.
I reported bug 12791 regarding no defaults showing up for 3 new options. The bug has since been set as resolved, but it makes this option enabled when it should in fact be set to off because, from what I understand, the background stuff to make it work isn’t ready.
When I turned this option off, and rebooted, the IPS stuff page now refreshed correctly.
Edit: It worked fine for a while, but later I tried a forced update and the IPS update icon kept rolling, and rolling, and rollin. So I guess this wasn’t really a fix.
I have applied the c165 patches and things seem to be working, but I am getting these errors reported on the nightly update:
Mar 17 01:25:00 ipfire oinkmaster[24378]: <ERROR> Downloading ruleset for provider: subscripted.
Mar 17 01:25:12 ipfire oinkmaster[24378]: <ERROR> Downloading ruleset for provider: emerging.
Could anyone say whether this is a real error indicating the download really failed or is this a spurious error that should/could be ignored?
Edit:
The timestamps on the gzip files in /var/tmp tend to indicate they were written at the time of the nightly update. Do they get regenerated even if the download fails?
[root@ipfire tmp]# ls -l /var/tmp/
total 95256
-rw------- 1 nobody nobody 3199897 Mar 17 01:25 idsrules-emerging.tar.gz
-rw------- 1 nobody nobody 94338775 Mar 17 01:25 idsrules-subscripted.tar.gz
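
A file timestamp alone does not show whether an archive arrived complete. The script below is an added example, not part of the original posts and not IPFire code: it checks whether a ruleset archive on disk is a readable gzip/tar file that contains rule files. The function names are hypothetical, the sample archives are constructed, and it assumes ruleset archives hold members ending in `.rules`.

```shell
#!/bin/sh
# Added example (not IPFire code): classify a downloaded ruleset archive.
# Prints one of: missing | empty | corrupt | norules | ok:<number of .rules files>
check_ruleset_archive() {
    archive=$1
    [ -f "$archive" ] || { echo "missing"; return 0; }
    [ -s "$archive" ] || { echo "empty"; return 0; }
    # gzip -t reads the whole stream and verifies its CRC, so a download
    # that was cut off part-way fails here.
    gzip -t "$archive" 2>/dev/null || { echo "corrupt"; return 0; }
    # A valid gzip stream can still be an archive without any rules,
    # so count the members ending in .rules (assumed naming).
    count=$(tar -tzf "$archive" 2>/dev/null | grep -c '\.rules$' || true)
    if [ "${count:-0}" -gt 0 ]; then
        echo "ok:$count"
    else
        echo "norules"
    fi
}

# Build constructed sample archives in directory $1 (test data, not real rulesets).
make_samples() {
    dir=$1
    mkdir -p "$dir/rules"
    printf 'alert tcp any any -> any any (msg:"constructed"; sid:1000001;)\n' > "$dir/rules/a.rules"
    printf '# constructed second file\n' > "$dir/rules/b.rules"
    printf 'no rules in here\n' > "$dir/readme.txt"
    tar -czf "$dir/good.tar.gz" -C "$dir" rules
    tar -czf "$dir/norules.tar.gz" -C "$dir" readme.txt
    # Simulate an interrupted download: keep only the first 40 bytes.
    head -c 40 "$dir/good.tar.gz" > "$dir/truncated.tar.gz"
    : > "$dir/empty.tar.gz"
}

if [ "$#" -gt 0 ]; then
    # Real use: pass archive paths, e.g. /var/tmp/idsrules-emerging.tar.gz
    for f in "$@"; do
        printf '%s %s\n' "$f" "$(check_ruleset_archive "$f")"
    done
else
    # No arguments: run on the constructed samples.
    tmp=$(mktemp -d)
    make_samples "$tmp"
    for f in good truncated norules empty absent; do
        printf '%-10s %s\n' "$f" "$(check_ruleset_archive "$tmp/$f.tar.gz")"
    done
    rm -rf "$tmp"
fi
```

An `ok` result only says the file on disk is a complete archive; it does not say whether that file came from the most recent download attempt.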